feat: Add new entitlement expiration endpoint (#32677)

* feat: add new entitlements expiration endpoint
openedx · Jul 13, 2023 · 7fe5229 · 7fe5229
1 parent 5379daf
commit 7fe5229
Show file tree

Hide file tree

Showing 7 changed files with 326 additions and 10 deletions.
diff --git a/common/djangoapps/entitlements/rest_api/v1/permissions.py b/common/djangoapps/entitlements/rest_api/v1/permissions.py
@@ -4,6 +4,7 @@
 """
 
 
+from django.conf import settings
 from rest_framework.permissions import SAFE_METHODS, BasePermission
 
 from lms.djangoapps.courseware.access import has_access
@@ -15,8 +16,18 @@ class IsAdminOrSupportOrAuthenticatedReadOnly(BasePermission):
     in the SAFE_METHODS list.  For example GET requests will not
     require an Admin or Support user.
     """
+
     def has_permission(self, request, view):
         if request.method in SAFE_METHODS:
             return request.user.is_authenticated
         else:
             return request.user.is_staff or has_access(request.user, "support", "global")
+
+
+class IsSubscriptionWorkerUser(BasePermission):
+    """
+    Method that will require the request to be coming from the subscriptions service worker user.
+    """
+
+    def has_permission(self, request, view):
+        return request.user.username == settings.SUBSCRIPTIONS_SERVICE_WORKER_USERNAME
diff --git a/common/djangoapps/entitlements/rest_api/v1/tests/test_views.py b/common/djangoapps/entitlements/rest_api/v1/tests/test_views.py
@@ -1,12 +1,12 @@
 """
 Test file to test the Entitlement API Views.
 """
-
 import json
 import logging
 import uuid
 from datetime import datetime, timedelta
 from unittest.mock import patch
+from uuid import uuid4
 
 from django.conf import settings
 from django.urls import reverse
@@ -24,17 +24,22 @@
 from openedx.core.djangoapps.site_configuration.tests.factories import SiteFactory
 from openedx.core.djangoapps.user_api.models import UserOrgTag
 from openedx.core.djangolib.testing.utils import skip_unless_lms
-from xmodule.modulestore.tests.django_utils import ModuleStoreTestCase  # lint-amnesty, pylint: disable=wrong-import-order
+from xmodule.modulestore.tests.django_utils import \
+    ModuleStoreTestCase  # lint-amnesty, pylint: disable=wrong-import-order
 from xmodule.modulestore.tests.factories import CourseFactory  # lint-amnesty, pylint: disable=wrong-import-order
 
 log = logging.getLogger(__name__)
 
 # Entitlements is not in CMS' INSTALLED_APPS so these imports will error during test collection
 if settings.ROOT_URLCONF == 'lms.urls':
-    from common.djangoapps.entitlements.tests.factories import CourseEntitlementFactory
-    from common.djangoapps.entitlements.models import CourseEntitlement, CourseEntitlementPolicy, CourseEntitlementSupportDetail  # lint-amnesty, pylint: disable=line-too-long
+    from common.djangoapps.entitlements.models import (  # lint-amnesty, pylint: disable=line-too-long
+        CourseEntitlement,
+        CourseEntitlementPolicy,
+        CourseEntitlementSupportDetail
+    )
     from common.djangoapps.entitlements.rest_api.v1.serializers import CourseEntitlementSerializer
     from common.djangoapps.entitlements.rest_api.v1.views import set_entitlement_policy
+    from common.djangoapps.entitlements.tests.factories import CourseEntitlementFactory
 
 
 @skip_unless_lms
@@ -1231,3 +1236,160 @@ def test_user_is_not_unenrolled_on_failed_refund(
         assert CourseEnrollment.is_enrolled(self.user, self.course.id)
         assert course_entitlement.enrollment_course_run is not None
         assert course_entitlement.expired_at is None
+
+
+@skip_unless_lms
+class RevokeSubscriptionsVerifiedAccessViewTest(ModuleStoreTestCase):
+    """
+    Tests for the RevokeVerifiedAccessView
+    """
+    REVOKE_VERIFIED_ACCESS_PATH = 'entitlements_api:v1:revoke_subscriptions_verified_access'
+
+    def setUp(self):
+        super().setUp()
+        self.user = UserFactory(username="subscriptions_worker", is_staff=True)
+        self.client.login(username=self.user.username, password=TEST_PASSWORD)
+        self.course = CourseFactory()
+        self.course_mode1 = CourseModeFactory(
+            course_id=self.course.id,  # pylint: disable=no-member
+            mode_slug=CourseMode.VERIFIED,
+            expiration_datetime=now() + timedelta(days=1)
+        )
+        self.course_mode2 = CourseModeFactory(
+            course_id=self.course.id,  # pylint: disable=no-member
+            mode_slug=CourseMode.AUDIT,
+            expiration_datetime=now() + timedelta(days=1)
+        )
+
+    @patch('common.djangoapps.entitlements.rest_api.v1.views.get_courses_completion_status')
+    def test_revoke_access_success(self, mock_get_courses_completion_status):
+        mock_get_courses_completion_status.return_value = ([], False)
+        enrollment = CourseEnrollmentFactory.create(
+            user=self.user,
+            course_id=self.course.id,  # pylint: disable=no-member
+            is_active=True,
+            mode=CourseMode.VERIFIED
+        )
+        course_entitlement = CourseEntitlementFactory.create(user=self.user, enrollment_course_run=enrollment)
+        url = reverse(self.REVOKE_VERIFIED_ACCESS_PATH)
+
+        assert course_entitlement.enrollment_course_run is not None
+
+        response = self.client.post(
+            url,
+            data={
+                "entitlement_uuids": [str(course_entitlement.uuid)],
+                "lms_user_id": self.user.id
+            },
+            content_type='application/json',
+        )
+        assert response.status_code == 204
+
+        course_entitlement.refresh_from_db()
+        enrollment.refresh_from_db()
+        assert course_entitlement.expired_at is not None
+        assert course_entitlement.enrollment_course_run is None
+        assert enrollment.mode == CourseMode.AUDIT
+
+    @patch('common.djangoapps.entitlements.rest_api.v1.views.get_courses_completion_status')
+    def test_already_completed_course(self, mock_get_courses_completion_status):
+        enrollment = CourseEnrollmentFactory.create(
+            user=self.user,
+            course_id=self.course.id,  # pylint: disable=no-member
+            is_active=True,
+            mode=CourseMode.VERIFIED
+        )
+        mock_get_courses_completion_status.return_value = ([enrollment.course_id], False)
+        course_entitlement = CourseEntitlementFactory.create(user=self.user, enrollment_course_run=enrollment)
+        url = reverse(self.REVOKE_VERIFIED_ACCESS_PATH)
+
+        assert course_entitlement.enrollment_course_run is not None
+
+        response = self.client.post(
+            url,
+            data={
+                "entitlement_uuids": [str(course_entitlement.uuid)],
+                "lms_user_id": self.user.id
+            },
+            content_type='application/json',
+        )
+        assert response.status_code == 204
+
+        course_entitlement.refresh_from_db()
+        assert course_entitlement.expired_at is None
+        assert course_entitlement.enrollment_course_run.mode == CourseMode.VERIFIED
+
+    @patch('common.djangoapps.entitlements.rest_api.v1.views.log.info')
+    def test_revoke_access_invalid_uuid(self, mock_log):
+        url = reverse(self.REVOKE_VERIFIED_ACCESS_PATH)
+        entitlement_uuids = [str(uuid4())]
+        response = self.client.post(
+            url,
+            data={
+                "entitlement_uuids": entitlement_uuids,
+                "lms_user_id": self.user.id
+            },
+            content_type='application/json',
+        )
+
+        mock_log.assert_called_once_with("B2C_SUBSCRIPTIONS: Entitlements not found for the provided"
+                                         " entitlements data: %s and user: %s",
+                                         entitlement_uuids,
+                                         self.user.id)
+        assert response.status_code == 204
+
+    def test_revoke_access_unauthorized_user(self):
+        user = UserFactory(is_staff=True, username='not_subscriptions_worker')
+        self.client.login(username=user.username, password=TEST_PASSWORD)
+
+        enrollment = CourseEnrollmentFactory.create(
+            user=self.user,
+            course_id=self.course.id,  # pylint: disable=no-member
+            is_active=True,
+            mode=CourseMode.VERIFIED
+        )
+        course_entitlement = CourseEntitlementFactory.create(user=self.user, enrollment_course_run=enrollment)
+        url = reverse(self.REVOKE_VERIFIED_ACCESS_PATH)
+
+        assert course_entitlement.enrollment_course_run is not None
+
+        response = self.client.post(
+            url,
+            data={
+                "entitlement_uuids": [],
+                "lms_user_id": self.user.id
+            },
+            content_type='application/json',
+        )
+        assert response.status_code == 403
+
+        course_entitlement.refresh_from_db()
+        assert course_entitlement.expired_at is None
+        assert course_entitlement.enrollment_course_run.mode == CourseMode.VERIFIED
+
+    @patch('common.djangoapps.entitlements.tasks.retry_revoke_subscriptions_verified_access.apply_async')
+    @patch('common.djangoapps.entitlements.rest_api.v1.views.get_courses_completion_status')
+    def test_course_completion_exception_triggers_task(self, mock_get_courses_completion_status, mock_task):
+        mock_get_courses_completion_status.return_value = ([], True)
+        enrollment = CourseEnrollmentFactory.create(
+            user=self.user,
+            course_id=self.course.id,  # pylint: disable=no-member
+            is_active=True,
+            mode=CourseMode.VERIFIED
+        )
+        course_entitlement = CourseEntitlementFactory.create(user=self.user, enrollment_course_run=enrollment)
+
+        url = reverse(self.REVOKE_VERIFIED_ACCESS_PATH)
+
+        response = self.client.post(
+            url,
+            data={
+                "entitlement_uuids": [str(course_entitlement.uuid)],
+                "lms_user_id": self.user.id
+            },
+            content_type='application/json',
+        )
+        assert response.status_code == 204
+        mock_task.assert_called_once_with(args=([str(course_entitlement.uuid)],
+                                                [str(enrollment.course_id)],
+                                                self.user.id))
diff --git a/common/djangoapps/entitlements/rest_api/v1/urls.py b/common/djangoapps/entitlements/rest_api/v1/urls.py
@@ -3,10 +3,10 @@
 """
 
 from django.conf.urls import include
+from django.urls import path, re_path
 from rest_framework.routers import DefaultRouter
 
-from django.urls import path, re_path
-from .views import EntitlementEnrollmentViewSet, EntitlementViewSet
+from .views import EntitlementEnrollmentViewSet, EntitlementViewSet, SubscriptionsRevokeVerifiedAccessView
 
 router = DefaultRouter()
 router.register(r'entitlements', EntitlementViewSet, basename='entitlements')
@@ -23,5 +23,10 @@
         fr'entitlements/(?P<uuid>{EntitlementViewSet.ENTITLEMENT_UUID4_REGEX})/enrollments$',
         ENROLLMENTS_VIEW,
         name='enrollments'
+    ),
+    path(
+        'subscriptions/entitlements/revoke',
+        SubscriptionsRevokeVerifiedAccessView.as_view(),
+        name='revoke_subscriptions_verified_access'
     )
 ]
diff --git a/common/djangoapps/entitlements/rest_api/v1/views.py b/common/djangoapps/entitlements/rest_api/v1/views.py
@@ -15,6 +15,7 @@
 from rest_framework import permissions, status, viewsets
 from rest_framework.authentication import SessionAuthentication
 from rest_framework.response import Response
+from rest_framework.views import APIView
 
 from common.djangoapps.course_modes.models import CourseMode
 from common.djangoapps.entitlements.models import (  # lint-amnesty, pylint: disable=line-too-long
@@ -23,14 +24,22 @@
     CourseEntitlementSupportDetail
 )
 from common.djangoapps.entitlements.rest_api.v1.filters import CourseEntitlementFilter
-from common.djangoapps.entitlements.rest_api.v1.permissions import IsAdminOrSupportOrAuthenticatedReadOnly
+from common.djangoapps.entitlements.rest_api.v1.permissions import (
+    IsAdminOrSupportOrAuthenticatedReadOnly,
+    IsSubscriptionWorkerUser
+)
 from common.djangoapps.entitlements.rest_api.v1.serializers import CourseEntitlementSerializer
 from common.djangoapps.entitlements.rest_api.v1.throttles import ServiceUserThrottle
-from common.djangoapps.entitlements.utils import is_course_run_entitlement_fulfillable
+from common.djangoapps.entitlements.tasks import retry_revoke_subscriptions_verified_access
+from common.djangoapps.entitlements.utils import (
+    is_course_run_entitlement_fulfillable,
+    revoke_entitlements_and_downgrade_courses_to_audit
+)
 from common.djangoapps.student.models import AlreadyEnrolledError, CourseEnrollment, CourseEnrollmentException
 from openedx.core.djangoapps.catalog.utils import get_course_runs_for_course, get_owners_for_course
 from openedx.core.djangoapps.content.course_overviews.models import CourseOverview
 from openedx.core.djangoapps.cors_csrf.authentication import SessionAuthenticationCrossDomainCsrf
+from openedx.core.djangoapps.credentials.utils import get_courses_completion_status
 from openedx.core.djangoapps.user_api.preferences.api import update_email_opt_in
 
 log = logging.getLogger(__name__)
@@ -521,3 +530,63 @@ def destroy(self, request, uuid):
                 })
 
         return Response(status=status.HTTP_204_NO_CONTENT)
+
+
+class SubscriptionsRevokeVerifiedAccessView(APIView):
+    """
+    Endpoint for expiring entitlements for a user and downgrading the enrollments
+    to Audit mode. This endpoint accepts a list of entitlement UUIDs and will expire
+    the entitlements along with downgrading the related enrollments to Audit mode.
+    Only those enrollments are downgraded to Audit for which user has not been awarded
+    a completion certificate yet.
+    """
+    authentication_classes = (JwtAuthentication, SessionAuthenticationCrossDomainCsrf,)
+    permission_classes = (permissions.IsAuthenticated, IsSubscriptionWorkerUser,)
+    throttle_classes = (ServiceUserThrottle,)
+
+    def _process_revoke_and_downgrade_to_audit(self, course_entitlements, user_id, revocable_entitlement_uuids):
+        """
+        Gets course completion status for the provided course entitlements and triggers the
+        revoke and downgrade to audit process for the course entitlements which are not completed.
+        Triggers the retry task asynchronously if there is an exception while getting the
+        course completion status.
+        """
+        entitled_course_ids = []
+        for course_entitlement in course_entitlements:
+            if course_entitlement.enrollment_course_run is not None:
+                entitled_course_ids.append(str(course_entitlement.enrollment_course_run.course_id))
+
+        awarded_cert_course_ids, is_exception = get_courses_completion_status(user_id, entitled_course_ids)
+
+        if is_exception:
+            # Trigger the retry task asynchronously
+            log.exception('B2C_SUBSCRIPTIONS: Exception occurred while getting course completion status for user %s '
+                          'and entitled_course_ids %s',
+                          user_id,
+                          entitled_course_ids)
+            retry_revoke_subscriptions_verified_access.apply_async(args=(revocable_entitlement_uuids,
+                                                                         entitled_course_ids,
+                                                                         user_id))
+            return
+        revoke_entitlements_and_downgrade_courses_to_audit(course_entitlements, user_id, awarded_cert_course_ids,
+                                                           revocable_entitlement_uuids)
+
+    def post(self, request):
+        """
+        Invokes the entitlements expiration process for the provided uuids and downgrades the
+        enrollments to Audit mode.
+        """
+        revocable_entitlement_uuids = request.data.get('entitlement_uuids', [])
+        user_id = request.data.get('lms_user_id', None)
+        course_entitlements = (CourseEntitlement.objects.filter(uuid__in=revocable_entitlement_uuids).
+                               select_related('user').
+                               select_related('enrollment_course_run'))
+
+        if course_entitlements.exists():
+            self._process_revoke_and_downgrade_to_audit(course_entitlements, user_id, revocable_entitlement_uuids)
+            return Response(status=status.HTTP_204_NO_CONTENT)
+        else:
+            log.info('B2C_SUBSCRIPTIONS: Entitlements not found for the provided entitlements data: %s and user: %s',
+                     revocable_entitlement_uuids,
+                     user_id)
+            return Response(status=status.HTTP_204_NO_CONTENT)